See Tickets, an international ticketing services company owned by French media firm Vivendi, disclosed a security incident that impacted personal and financial data of its customers.

The company said it discovered the breach in April 2021 when it learned that a third-party gained access to certain event checkout pages on the See Tickets website. See Tickets promptly launched an investigation into the matter and worked with law enforcement and a forensic firm to identify potentially affected pages and transactions. However, it took the company nearly ten months to fully remove the malicious code from its site, and then another eight months to determine that customer information was compromised.

According to See Tickets, affected information may include personal and financial data (name, address, zip code, payment card number, card expiration date, and CVV number) of customers who purchased event tickets on the See Tickets website between June 25, 2019, and January 8, 2022. See Tickets didn’t share a total number of people impacted by the breach.

Hacker who crippled Liberia’s internet charged for running The Real Deal dark web marketplace

A British hacker behind the 2016 Deutsche Telekom Mirai infection and a powerful cyber-attack that accidentally took down Liberia’s internet is facing charges in the US for allegedly running the now-defunct “The Real Deal” dark web marketplace that sold hacking tools, stolen credentials, botnets, illegal drugs, and other illicit goods.

The thirty-four-year-old defendant, Daniel Kaye aka “Popopret,” “Bestbuy,” “TheRealDeal,” “Logger,” “David Cohen,” “Marc Chapon,” “UserL0ser,” “Spdrman,” was charged with access device fraud, using and trafficking in unauthorized access devices, and money laundering conspiracy.

Kaye was arrested in February 2017 at a London airport, and in July 2017, he pleaded guilty to hijacking over 900,000 routers on Deutsche Telekom's network using the Mirai malware. In September 2022, Kaye consented to his extradition from Cyprus to the US.

Apple fixes actively exploited iOS zero-day

Apple released security updates for iOS and iPadOS to remediate more than a dozen security vulnerabilities, including a zero-day flaw said to have been actively exploited in hacker attacks.

Tracked as CVE-2022-42827, the zero-day is described as an out-of-bounds write issue that could be abused for arbitrary code execution with kernel privileges. Apple has refrained from releasing further details about the zero-day flaw, other than acknowledging that it is aware of reports that it may have been actively exploited.

Besides CVE-2022-42827, the latest fix also addresses a slew of security issues in WebKit, IOHIDFamily, IOKit, and other components that allow arbitrary code execution.

Hackers hit Iranian atomic energy agency, release a trove of data on Iran’s nuclear program

A hacktivist group known as “Black Reward” announced it hacked Iran’s Nuclear Power Production and Development Company and stole more than 50GB of documents pertaining to the country’s nuclear program.

The group then began leaking the stolen info in their Telegram channel. The released data reportedly includes internal emails, contracts and construction plans related to operations of the Bushehr power plant, nuclear development agreements with domestic and foreign partners, and other documents.

Iran's atomic energy organization (AEOI) confirmed its e-mail server was breached, but said that the stolen data holds no value and consists of “common and current daily exchanges.”

Dormant Colors malvertizing campaign stealthily injects malware into Chrome, Edge browsers

A malicious campaign was discovered that makes use of browser extensions with more than 1 million downloads to infect the chromium-based browsers distributed via Chrome and Edge official web stores with data-stealing malware.

Dubbed “Dormant Colors,” the campaign relies on malvertizing (malicious advertising) to deliver a seemingly innocuous browser extension on the victim machine, and uses a novel approach that involves side-loading malicious code for stealing searches and browsing data when the extension is being installed.

The scheme allows the campaign’s operators to generate income from ad impressions and the sale of search data, as well as receive an affiliation fee when a victim visits any of 10,000 websites associated with this campaign.

What’s next:

Follow ImmuniWeb on Twitter and LinkedIn
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Application Security Weekly

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.

Recent Blog Posts:

Microsoft Exposed Customer Info in What Is Claimed To Be Biggest B2B Leak

Payment Details of 1.2M Cardholders Leak on the Dark Web